We have methods of dealing with these abuse problems today, unfortunately as Paul Vixie often points out there are business reasons why these problems persist. Often the 'business' reason isn't the tin-foil-hat-brigade's reason so much as 'we can't afford to keep these abuse folks around since they don't make money for the company'.
I'll argue that we don't have effective methods of dealing with this today, and it's not the lack of abuse desk people as much as the philosophy of closing barn doors after the fact. The idea that we can leave everything wide open for automated exploit tools, and then clean up afterwards manually with labor-intensive efforts is fundamentally flawed.
and i'd agree. the trouble, when this problem was first isolated, was that the costs and benefits were asymmetric. the people who needed the added services (filtering, training, remote OS upgrades/audits/management, etc) were the ones least able/willing to pay extra for those services. the folks who didn't need them have always complained that they have to pay more to avoid getting them. now, though, there's an opportunity to do a marketing U-turn on this. cable and dsl providers in the USA can point to the national cybersecurity plan and say that to comply with it they have to put infected computers in cyberjail, with a fee of $N to get these machines audited, and if found clean, put back on the net, noting that N doubles every time this process is invoked, and that a deposit of $(0.5*N) is required as prepayment for the next incident, refundable after one year if there are no further incidents. then offer to remotely manage their host ("give me your root passwords, trust me!") for an annual fee of $(0.75*N). if the initial value of N were $500, you might be able to get the people who need this service to pay for it. it's worth a try?
-- Paul Vixie